Bug 1342401
Summary: | Allow NetworkManager to create temporary /etc/resolv.conf.XXXXXX file | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Thomas Haller <thaller> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Milos Malik <mmalik> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 7.3 | CC: | jneedle, jsefler, jstancek, lvrabec, mmalik, petergre, plautrba, psklenar, pvrabec, ssekidde, thaller |
Target Milestone: | rc | Keywords: | TestBlocker |
Target Release: | --- | Flags: | thaller:
needinfo-
|
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.13.1-80.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-08-13 15:04:12 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1337222 |
Description
Thomas Haller
2016-06-03 08:01:28 UTC
Thomas, Is this feature also in Fedora? (In reply to Lukas Vrabec from comment #2) > Thomas, > Is this feature also in Fedora? yes. Fedora 24+ and rhel-7.3 both have NetworkManager 1.2.0+. The behavior from comment 1 is necessary with "rc-manager=file" configuration setting. In this case, NM now wants to create temporary file /etc/resolv.conf.XXXXXX (instead of /etc/resolv.conf.tmp). rc-manager=file will be the default on rhel-7.3, but not on Fedora. There is another, new mode: rc-manager=symlink. This is the default on Fedora 24+. I think, the policy should allow for both ways (rc-manager=file|symlink) on both Fedora and RHEL -- even if the default differs between them. Another thing... with rc-manager=symlink, NM wants to create a temporary symlink "/etc/.resolv.conf.NetworkManager" and renames that over to /etc/resolv.conf. The policy should allow for that too. Strangely enough, this already works for me on Fedora 23, so I guess there is already a policy change to allow that. Could you please confirm that this is allowed too? The requested permissions seem to have already been present in the current version as a result of other implemented changes, hence closing CURRENTRELEASE. |